I want to make it so that there can be a random var inside of a replacement
so
replace [blah] %var% [/blah] with <blah> %var% </blah>
So the %var can be anythin as long as there is [blah] and [/blah] around it.
You can use str_replace() in php to parse BBCode
For example you can do
[code]str_replace("[blah]","<blah>"); [/code]
You can extend that by using an array of BBCodes or even a regular expression, I'm on my iPhone right now so can't explain that too well
preg_replace_callback
Don't use str_replace. Instead use some regex, or alternatively this PECL extension: [URL]http://php.net/manual/en/book.bbcode.php[/URL]
There is an example on using regex to do it here [url]www.php.net/manual/en/function.bbcode-create.php#93349[/url]
Potentially you could even do it with Javascript, if you wanted. Although PHP would be far superior.
[QUOTE=SataniX;34989488]Potentially you could even do it with Javascript, if you wanted. Although PHP would be far superior.[/QUOTE]
That's a very unsafe thing to do. It could lead way to some nasty XSS exploits.
[QUOTE=TerabyteS_;34990202]That's a very unsafe thing to do. It could lead way to some nasty XSS exploits.[/QUOTE]
Surely not if you're only doing something like this?
[code]document.getElementByID('x').innerHTML = document.getElementById('x').innerHTML.replace(/\[hr\]/, '<hr />');[/code]
HR used purely as an example.
I understand it would be vulnerable if it was in a [x=y]axy[/x] form though.
Example for bold
[php]
$text = preg_replace('#\[b\](.*?)\[/b\]#si', '<strong>\1</strong>', $text);
[/php]
Example for center
[php]
$text = preg_replace('#\[center\](.*?)\[/center\]#si', '<div style=\'text-align:center\'>\1</div>', $text);
[/php]
<center>'s deprecated replacement
Example for color.
[php]
$text = preg_replace('#\[color=(black|blue|brown|cyan|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|violet|white|yellow)\](.*?)\[/color\]#si', '<span style=\'color:\1\'>\2</span>', $text);
$text = preg_replace('#\[color=([\#a-f0-9]*?)\](.*?)\[/color\]#si', '<span style=\'color:\1\'>\2</span>', $text);
[/php]
First line for words, second line for hex.
[QUOTE=Uglehs;35003477]Example for bold
[php]
$text = preg_replace('#\[b\](.*?)\[/b\]#si', '<strong>\1</strong>', $text);
[/php]
Example for center
[php]
$text = preg_replace('#\[center\](.*?)\[/center\]#si', '<div style=\'text-align:center\'>\1</div>', $text);
[/php]
<center>'s deprecated replacement
Example for color.
[php]
$text = preg_replace('#\[color=(black|blue|brown|cyan|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|violet|white|yellow)\](.*?)\[/color\]#si', '<span style=\'color:\1\'>\2</span>', $text);
$text = preg_replace('#\[color=([\#a-f0-9]*?)\](.*?)\[/color\]#si', '<span style=\'color:\1\'>\2</span>', $text);
[/php]
First line for words, second line for hex.[/QUOTE]
potentially vulnerable to xss
[QUOTE=swift and shift;35003550]potentially vulnerable to xss[/QUOTE]
Obviously, im not fucking retarded. I never said use that code by itself, It was an example of what OP requested. What am I supposed to make the whole script or an EXAMPLE, which I stated?
So do not disagree a post because you want to be a jackass, you can instead point out to the OP that he should add xss prevention if he was to use that bit of code ever.
Also instead of stating the obvious, you could of posted (for the op) a way to prevent xss.
You can use something like this to prevent xss
[php]
function stripinput($text) {
if (!is_array($text)) {
$text = stripslash(trim($text));
$search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", " ");
$replace = array("&", """, "'", "\", """, "'", "<", ">", " ");
$text = preg_replace("/(&)+(?=\#([0-9]{2,3});)/i", "&", str_replace($search, $replace, $text));
} else {
foreach ($text as $key => $value) {
$text[$key] = stripinput($value);
}
}
return $text;
}
[/php]
I didn't make it, but I have always used it in my project maincores.
html_special_chars
[editline]5th March 2012[/editline]
also it can be super easy to fuck up bbcode if you're not careful
[QUOTE=Uglehs;35003761]Obviously, im not fucking retarded. I never said use that code by itself, It was an example of what OP requested. What am I supposed to make the whole script or an EXAMPLE, which I stated?
So do not disagree a post because you want to be a jackass, you can instead point out to the OP that he should add xss prevention if he was to use that bit of code ever.[/QUOTE]
Holy fuck don't be so god damn aggressive he was just pointing out an obvious flaw, your fault for not elaborating.
Use markdown. It's easier for everybody.
[QUOTE=Uglehs;35003761]
[php]
function stripinput($text) {
if (!is_array($text)) {
$text = stripslash(trim($text));
$search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", "*");
$replace = array("&", """, "'", "\", """, "'", "<", ">", " ");
$text = preg_replace("/(&)+(?=\#([0-9]{2,3});)/i", "&", str_replace($search, $replace, $text));
} else {
foreach ($text as $key => $value) {
$text[$key] = stripinput($value);
}
}
return $text;
}
[/php]
I didn't make it, but I have always used it in my project maincores.[/QUOTE]
Sir, I'm here to confiscate your php and maincores, please come with me.
[QUOTE=StinkyJoe;35010708]Sir, I'm here to confiscate your php and maincores, please come with me.[/QUOTE]
I used it for arrays.
Sorry, you need to Log In to post a reply to this thread.
